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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 03 December 2007 . 
2a)D This action is FINAL; 2b)[X] This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
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4) IEI Claim(s) 1-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) I3 Claim(s) 1-22 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

£))□ The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the 
fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since 
this application is eligible for continued examination under 37 CFR 1.114, and the fee 
set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office 
action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
December 03, 2007 has been entered. Claims 1-22 are pending. At this time, claims 1- 
22 are still rejected. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) filed on October 10, 2007 is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure 
statement is being considered by the examiner. 

Response to Arguments 

3. Applicant's arguments filed December 03, 2007 have been fully 
considered but they are not persuasive. 

As Applicant has addressed this argument in the previous remark and 
repeated herein. Applicant argues that: 

Neither Slemmer nor Maufer, invidually or in combination, discloses a 
single device that both bridges and routes incoming packets. 

Examiner respectfully disagrees with applicant and still maintain that: ' 
Slemmer teaches the a system for providing uninterrupted communication 
over a network link includes a multi-port switch (e. g., bridges) that is connected to a 
first network portion and a second network portion that are communicating with one 
another. The multi-port switch is also connected to a separate server unit, such as a 
firewall (e.g., router or gateway) computer. The switch is configured to direct 
communication signals flowing between the first network portion and the second 
network portion through the separate server unit for processing during normal operation. 
When the separate server unit fails, however, the switch is reconfigured so that 
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communications bypass the separate server unit. In a preferred embodiment, a 
Ethernet switch having virtual local area network (VLAN) capability is used. Although 
Slemmer teaches a firewall, Slemmer is silent on the capability of showing the source 
address (if indeed is inherently in Slemmer). On the other hand, Maufer teaches the 
source and destination address (column 1, lines 40-62; column 3, lines 60-67 of 
Maufer). In addition, Maufer futher teaches the packets are being routed (see Maufer's 
abstract and column 16, lines 23-31 of Maufer). Thus, the combination of teaching 
between Slemmer and Maufer teaches the claimed subject matter. 

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., discloses a single device that both bridges and routes incoming packets) are not 
recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re 
Van Geuns, 988 F.2d1181, 26 USPQ2d 1057 (Fed. Cir. 1993). It appears that 
Applicant has tried to interpret "within the first network" as a single device. It is not true 
that a network is compatible with a single device, since many devices can be in one 
network. 

In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the combination 
of teaching between Slemmer and Maufer is proper and efficient. 

Slemmer and Maufer do not need to disclose anything over and above the 
invention as claimed in order to render it unpatentable or anticipate. A recitation of the 
intended use of the claimed invention must result in a structural difference between the 
claimed invention and the prior art in order to patentably distinguish the claimed 
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invention from the prior art. If the prior art structure is capable of performing the 
intended use, then it meets the claimed limitations. 

For the above reasons, it is believed that the rejections should be 

sustained. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition 
of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 1-22 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

a. Referring to claim 13: 

i. Claim 13 recites "A computer program embodied in a 
machine-readable medium, the computer program comprising instructions for controlling 
a firewall to perform the following steps: receive first packets and second packets at a 
first device; determine, at the first device, that the first packets should be bridged, the 
first packets having a first source address and a first destination address within the first 
network; apply a first screening process to the first packets at the first device; 
determine, at the first device, that the second packets should be routed; and apply a 
second screening process to the second packets at the first device." The claim is 
directed toward a software program, and this is a non-statutory subject matter. 
Furthermore, applicant has pointed out in the specification (see page 17, lines 16-19 of 
specification) "The invention may also be embodied in a carrier wave traveling 
over an appropriate medium such as airwaves, optical lines, electric lines, etc. " 
which clearly including intangible media such as signals, carrier waves, transmissions, 
optical waves, transmission media or other media incapable of being touched or 
perceived absent the tangible medium through which they are conveyed. Therefore, 
claim 13 recites a non-statutory subject matter. 

b. Referring to claims 14-16: 
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i. These claims are dependent claim of 13, thus they are 
rejected with the same rationale applied against claim 13 above, 
b. Referring to claims 1-12. and 17-22: 

i. These claims consist a firewall to implement claim 13, thus 
they are rejected with the same rationale applied against claim 33 above. Since claim 
13 is the evidence, therefore, claims 1-12 and 17-22 are also non-statutory. 

Claim Rejections • 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 

all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Slemmer (US 6,240,533 B1), and further in view of Maufer et al (US 7,143,188 
B2). 

a. Referring to claim 1: 

i. Slemmer teaches a firewall, comprising: 

(1) a first port configured for communication with a first 
device within a first network (see Figures 4 & 5 and further details on column 4, 
line 52 of Slemmer); 

(2) a second port configured for communication with a 
second device within the first network (see Figures 4 & 5 and further details on 
column 4, lines 52-53 of Slemmer); 

(3) a third port configured for communication between the 
first network and a second network (see Figures 4 & 5 and further details on 
column 4, lines 51-58 of Slemmer); and 
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(4) a processor configured to: determine that a first 
portion of the incoming packets should be bridged, the first portion having a first 
source address and a first destination address within the first network (column 4, 
lines 7-32 of Slemmer); 

(5) apply a first screening process to the first portion 
(column 4, lines 32-41 of Slemmer); 

(6) determine that a second portion of the incoming 
packets should be routed, the second portion having a second source address or a 
second destination address outside the first network; and apply a second screening 
process to the second portion (column 4, lines 42-67 through column 5, lines 1- 
10 of Slemmer). 

ii. Although Slemmer teaches a firewall, Slemmer is silent on 
the capability of showing the source address (if indeed is inherently in Slemmer). 
On the other hand, Maufer teaches the source and destination address (column 1, 
lines 40-62; column 3, lines 60-67 of Maufer). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Slemmer (if indeed is 
not inherently) with the teaching of Maufer to form a packet (column 3, lines 69-60 
of Maufer). 

iv. The ordinary skilled person would have been motivated to: 

(1) have modified the invention of Slemmer (if indeed is 
not inherently) with the teaching of Maufer to enhanced security for communication 
over a network, and more particularly to integration of Network Address Translation 
(NAT) with Internet Protocol Security (IPSec) (column 1, lines 8-11 of Maufer). 

b. Referring to claim 2: 

i. Slemmer further teaches: 
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(1) wherein the at least one processor is configured to 
control traffic between the first device and the second device according to a 
spanning tree protocol (column 3, lines 54-67 through column 4, lines 1-3 of 
Slemmer). 

c. Referring to claim 3: 

i. Slemmer further teaches: 

(1) wherein the at least one processor is configured to 
control traffic between the first device and the second device according to one or more 
fields in a layer 2 header of a packet (column 3, lines 54-67 through column 4, lines 
1-3; column 4, lines 30-32 of Slemmer). 

d. Referring to claim 4: 

i. Slemmer teaches: 

(1) wherein the at least one processor is configured to 
perform an initial check on a packet, wherein the procedures of the initial check are 
selected from the group consisting of checking for broadcasting, multicasting and 
Internet protocol fragments (column 4, lines 59-67 through column 5, lines 1-11 of 
Slemmer). 

e. Referring to claim 5: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the at least one processor is configured to 
apply the first screening process according to security policies implemented at one or 
more of layers 3 through 7 (column 2, lines 45-67 of Maufer). 

f. Referring to claims 6-7: 

i. These claims have limitations that is similar to those of claim 
5, thus they are rejected with the same rationale applied against claim 5 above. 

g. Referring to claim 8: 
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i. This claim has limitations that is similar to those of claim 1, 
thus it is rejected with the same rationale applied against claim 1 above. 

h. Referring to claims 9-12: 

i. These claims consist a method of implementing a firewal in 
claim 1, thus they are rejected with the same rationale applied against claims 1, 4-5 
above. 

i. Referring to claims 13-16: 

i. These claims consist a computer program embodied in a 
machine-readable medium, the computer program comprising instructions for controlling 
a firewall to implement claim 1, thus they are rejected with the same rationale applied 
against claims 1, 4-5 above. 

j. Referring to claim 17: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) further comprising a control plane configured to build a 
bridge table (see figures 5A-B and more details in column 3, lines 64-67; column 5, 
lines 57-67 through column 6, lines 1-6 of Maufer). 

k. Referring to claim 18: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the control plane is further configured to 
inspect one or more of DHCP, ARP or OSPF packets (column 1, lines 40-48; column 
7, lines 2-12 of Maufer). 

I. Referring to claim 19: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 
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(1) wherein the control plane is further configured to 
builds a routing table (see figures 5A-B and more details in column 3, lines 64-67; 
column 5, lines 57-67 through column 6, lines 1-6 of Maufer). 

m. Referring to claim 20: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) further comprising a data plane configured to enforce 
screening policies (column 2, lines 45-67 of Maufer). 
n. Referring to claim 21: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the data plane is further configured to 
determine whether to bridge or route packets (column 6, lines 7-21 of Maufer). 
o. Referring to claim 22: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the data plane is further configured to rewrite 
packet headers before transmitting packets (column 2, lines 45-67). 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 
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Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone number 
is 571-272-2100. 




January 20, 2008 




